This disclosure relates generally to operating system security and more particularly to maintenance of kernel code integrity.
Computing platforms are steadily increasing in complexity, incorporating an ever-growing range of hardware and supporting an ever-growing range of applications. Consequently, the complexity of the kernel, the central component of the computer operating system (“OS”), is also steadily increasing.
The increased complexity of OS kernels also increases the number of security vulnerabilities. The effect of these vulnerabilities is compounded by the fact that, despite many efforts to make kernels modular, most kernels in common use today are monolithic in their design. A compromise of any part of a monolithic kernel could compromise the entire kernel. Because the kernel occupies a privileged position in the software stack of a computer system, compromising the kernel gives the attacker complete control of the system.
In view of the importance of the security of the kernel to the security of a system, a need exists for an agent that can maintain the integrity of existing kernels. Agents that do not mandate large-scale design changes to existing kernels are preferable, because such agents will ease deployment.